Elixir Hub

|byCuriosum

Privacy Policy

For https://elixir-hub.com/

We collect personal data directly from you and from your device when you use the Service.

1) General

This document explains how we process personal data and use cookies on https://elixir-hub.com/ (the "Service").

2) Data Controller

The controller is: Curiosum sp. z o.o., ul. Grudzieniec 32/1, 60-601 Poznań, Poland, entered in the register of entrepreneurs under KRS: 0000833883, NIP: 7812007384, REGON: 385781950.

Data protection contact (not a formal Data Protection Officer unless expressly stated): dpo@curiosum.com (or by post to the address above).

3) Scope and purposes of processing

a) Analytics (Google Analytics 4)

  • Scope: usage data within the Service (cookie identifiers, events, approximate geolocation); IP handling configured in line with EU requirements.
  • Purpose: statistics, traffic measurement, UX improvements.
  • Legal basis: your consent under Art. 6(1)(a) GDPR (we load analytics only after consent via the cookie banner/panel).

b) Newsletter

  • Scope: email address.
  • Purpose: sending the newsletter on Elixir updates and educational content.
  • Legal basis: your consent under Art. 6(1)(a) GDPR.
  • Procedure: opt-in; you can unsubscribe with one click in every email.

c) Strictly necessary technical data

  • Scope: server logs and operational data required to ensure availability, security and to prevent abuse.
  • Legal basis: our legitimate interests under Art. 6(1)(f) GDPR (security, reliability, availability and fraud/abuse prevention).

4) Voluntary nature

Providing data is voluntary, but:

  • without consent for analytics cookies we will not measure your visits,
  • without providing an email we cannot subscribe you to the newsletter.

Providing personal data is not a statutory or contractual requirement, nor is it necessary to enter into a contract with us.

5) Data recipients (categories)

  • Google Ireland Limited (Google Analytics); possible transfers to Google LLC (USA) with appropriate safeguards.
  • Email service provider (e.g., MailerLite) acting as our processor; data stored in the EU.
  • Hosting/IT and technical support providers, under data processing agreements.

6) Transfers outside the EEA

Data may be transferred to third countries (e.g., the USA) in connection with tools we use. We apply appropriate safeguards, in particular mechanisms under the EU-U.S. Data Privacy Framework (for certified providers) and/or Standard Contractual Clauses. You can obtain a copy of, or information about, these safeguards by contacting us at dpo@curiosum.com.

7) Data retention

  • Analytics cookies: until you withdraw consent or until the provider's expiry periods; typically: "_ga" and "_ga_<ID>" – up to 2 years; "_gid" – 24 hours.
  • GA4 event-level data (non-cookie storage): retained according to our GA4 configuration (typically up to 14 months).
  • Newsletter: until you withdraw consent (unsubscribe) or the newsletter service ends, then for the period necessary to demonstrate accountability.
  • Technical logs: generally up to 30 days (longer if required by law or for evidential/security purposes).
  • Consent records (cookie and newsletter): retained for the period necessary to demonstrate compliance (e.g., until potential claims are time-barred).

8) Your rights

You have the right to access, rectify, erase, restrict processing, and data portability, as well as to object where processing is based on Art. 6(1)(f) GDPR. You may withdraw consent at any time (withdrawal does not affect processing performed before withdrawal). You also have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland) or with your local supervisory authority in the EU/EEA.

9) Cookies and similar technologies

a) Categories

  • Necessary – ensure basic functions of the Service (legal basis: Art. 6(1)(f) GDPR).
  • Analytics (GA4) – traffic and behavior measurement; loaded only after your consent (Art. 6(1)(a) GDPR).

b) Managing consent

On your first visit we display a banner. You can change/withdraw consent at any time via the "Cookie settings" link in the footer or through your browser settings. Lack of consent does not limit access to the Service content.

c) Example GA4 analytics cookies

  • _ga – user distinction – persistent – up to 2 years
  • _ga_<ID> – session state – persistent – up to 2 years
  • _gid – user distinction – persistent – 24 hours

(Note: actual names/periods may vary per Google's documentation and our configuration.)

10) Newsletter – additional information

We use opt-in. Our emails may include basic statistics (opens/clicks) to improve content; the legal basis is your consent, which you can withdraw at any time.

11) Automated decision-making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you (Art. 22 GDPR).

12) Children's data

The Service is not directed to children under 16. We do not knowingly collect their personal data.

13) Security

We apply appropriate technical and organizational measures, including HTTPS, access control, and processor agreements with vendors.

14) Changes to this Policy

We may update this Policy due to legal or technological changes. The new version will be published on the Service with an updated date.

15) Contact

For any data matters: dpo@curiosum.com

Version date: 22 Aug 2025

🍪 We use cookies

We use analytics to understand how you use our site and improve your experience. Read our Privacy Policy for more details.